CVE-2009-2903

Memory leak in the appletalk subsystem in the Linux kernel 2.4.x through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and ipddp modules are loaded but the ipddp"N" device is not found, allows remote attackers to cause a denial of service (memory consumption) via IP-DDP datagrams.

Published: Sep 15, 2009
Updated: Nov 9, 2025
CVE: CVE-2009-2903
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.1
AV:N/AC:M/Au:N/C:N/I:N/A:C

CWEs:

CWE-772

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	2.4.0	2.4.37.6.x
linux / linux_kernel	2.6.0	2.6.31.x
suse / linux_enterprise_server	10-sp3	10-sp3.x
suse / linux_enterprise_server	9	9.x
suse / linux_enterprise_server	10-sp2	10-sp2.x
suse / linux_enterprise_desktop	10-sp2	10-sp2.x
suse / linux_enterprise_software_development_kit	10-sp2	10-sp2.x
suse / linux_enterprise_debuginfo	10-sp2	10-sp2.x
suse / linux_enterprise_desktop	10-sp3	10-sp3.x
suse / linux_enterprise_debuginfo	10-sp3	10-sp3.x
suse / linux_enterprise_software_development_kit	10-sp3	10-sp3.x
canonical / ubuntu_linux	9.04	9.04.x
canonical / ubuntu_linux	8.10	8.10.x
canonical / ubuntu_linux	8.04	8.04.x
canonical / ubuntu_linux	6.06	6.06.x

Vulnerability Database

300,214

CVE-2009-2903

Deep Security Visibility Without the Complexity